It's been a little while since I deployed a WSA and I see a new tool, the Active Directoy Agent. I understand from the docs it's used to get usernames from AD for the current logged on user when using NTLM authentication for transparent auth.
My question is why?!
When I last set up a WSA with NTLM for transparent auth we didn't have to use the Agent. NTLM revealed the username as part of what it does and we could use that to bind sessions with access policies, etc.
Yet the docs say:
"Create an NTLM authentication realm and enable transparent user identification.
In addition, you must deploy a separate utility called the Cisco Active Directory Agent (AD Agent). "
So, why is that? What does the agent get me that I didn't use to get? Do I really have to use it?
No you don't have to use it. It makes a few things work better, namely internet apps that do not support authentication can be authenticated before the app starts using AD. We have a couple of apps that without the ADAgent, the user has to hit an external web page first, then the app will work. Also if you're running windows, but the browser of choice can't do AD integrated auth, this would address the issue..
The ADAgent is the same app as used for the ASA "Identity Firewall" features, you can use the same install...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...
ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsISE Hardware PlatformsISE PSN PerformanceISE TrustSec ScalingISE Storage RequirementsISE ERS ScaleISE WAN Bandwidth CalculatorSources
About this Document
Cisco Secure Endpoint (for...